<?php
-
/**
* File for Parser and related classes
*
* @package MediaWiki
*/
+/** */
+require_once( 'Sanitizer.php' );
+
/**
* Update this version number when the ParserOutput format
* changes in an incompatible way, so the parser cache
'/<br *>/i' => '<br />',
'/<center *>/i' => '<div class="center">',
'/<\\/center *>/i' => '</div>',
- # Clean up spare ampersands; note that we probably ought to be
- # more careful about named entities.
- '/&(?!:amp;|#[Xx][0-9A-fa-f]+;|#[0-9]+;|[a-zA-Z0-9]+;)/' => '&'
);
$text = preg_replace( array_keys($fixtags), array_values($fixtags), $text );
+ $text = Sanitizer::normalizeCharReferences( $text );
} else {
$fixtags = array(
# french spaces, last one Guillemet-left
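Review bot: The added `Sanitizer::normalizeCharReferences( $text )` call has no comment, while the regex it replaces was documented as cleaning up spare ampersands and noted its own weakness around named entities. A one-line comment such as `# Replaces the old spare-ampersand regex; see Sanitizer::normalizeCharReferences()` would record why the call follows the `preg_replace`. The call is added only in this branch; the `else` branch continues outside the hunk, so whether it needs the same normalization cannot be judged from here.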
while ( '' != $text ) {
if($tag==STRIP_COMMENTS) {
- $p = preg_split( '/<!--/i', $text, 2 );
+ $p = preg_split( '/<!--/', $text, 2 );
} else {
$p = preg_split( "/<\\s*$tag\\s*>/i", $text, 2 );
}
return $rnd;
}
- /**
- * Return allowed HTML attributes
- *
- * @access private
- */
- function getHTMLattrs () {
- $htmlattrs = array( # Allowed attributes--no scripting, etc.
- 'title', 'align', 'lang', 'dir', 'width', 'height',
- 'bgcolor', 'clear', /* BR */ 'noshade', /* HR */
- 'cite', /* BLOCKQUOTE, Q */ 'size', 'face', 'color',
- /* FONT */ 'type', 'start', 'value', 'compact',
- /* For various lists, mostly deprecated but safe */
- 'summary', 'width', 'border', 'frame', 'rules',
- 'cellspacing', 'cellpadding', 'valign', 'char',
- 'charoff', 'colgroup', 'col', 'span', 'abbr', 'axis',
- 'headers', 'scope', 'rowspan', 'colspan', /* Tables */
- 'id', 'class', 'name', 'style' /* For CSS */
- );
- return $htmlattrs ;
- }
-
- /**
- * Remove non approved attributes and javascript in css
- *
- * @access private
- */
- function fixTagAttributes ( $t ) {
- if ( trim ( $t ) == '' ) return '' ; # Saves runtime ;-)
- $htmlattrs = $this->getHTMLattrs() ;
-
- # Strip non-approved attributes from the tag
- $t = preg_replace(
- '/(\\w+)(\\s*=\\s*([^\\s\">]+|\"[^\">]*\"))?/e',
- "(in_array(strtolower(\"\$1\"),\$htmlattrs)?(\"\$1\".((\"x\$3\" != \"x\")?\"=\$3\":'')):'')",
- $t);
-
- $t = str_replace ( '<></>' , '' , $t ) ; # This should fix bug 980557
-
- # Strip javascript "expression" from stylesheets. Brute force approach:
- # If anythin offensive is found, all attributes of the HTML tag are dropped
-
- if( preg_match(
- '/style\\s*=.*(expression|tps*:\/\/|url\\s*\().*/is',
- wfMungeToUtf8( $t ) ) )
- {
- $t='';
- }
-
- return trim ( $t ) ;
- }
-
/**
* interface with html tidy, used if $wgUseTidy = true
*
$indent_level = strlen( $matches[1] );
$t[$k] = "\n" .
str_repeat( '<dl><dd>', $indent_level ) .
- '<table ' . $this->fixTagAttributes ( $matches[2] ) . '>' ;
+ '<table' . Sanitizer::fixTagAttributes ( $matches[2], 'table' ) . '>' ;
array_push ( $td , false ) ;
array_push ( $ltd , '' ) ;
array_push ( $tr , false ) ;
}
else if ( count ( $td ) == 0 ) { } # Don't do any of the following
else if ( '|}' == substr ( $x , 0 , 2 ) ) {
- $z = "</table>\n" ;
+ $z = "</table>" . substr ( $x , 2) . "\n";
$l = array_pop ( $ltd ) ;
if ( array_pop ( $tr ) ) $z = '</tr>' . $z ;
if ( array_pop ( $td ) ) $z = '</'.$l.'>' . $z ;
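Review bot: The `|}` branch now appends `substr ( $x , 2)` after `</table>`, so anything following the table-close marker on that line reaches the output with no sanitizer call in this branch. Elsewhere on this page `Sanitizer::removeHTMLtags()` runs near the top of `internalParse`, and what appears to be the matching call at the end of this function is commented out, so safety depends on that earlier pass having covered this text. A comment would make the dependency explicit, e.g. `# Trailing text after |} is emitted as-is; it must already have been through removeHTMLtags()`. The enclosing function starts and ends outside the hunk.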
array_push ( $tr , false ) ;
array_push ( $td , false ) ;
array_push ( $ltd , '' ) ;
- array_push ( $ltr , $this->fixTagAttributes ( $x ) ) ;
+ array_push ( $ltr , Sanitizer::fixTagAttributes ( $x, 'tr' ) ) ;
}
else if ( '|' == $fc || '!' == $fc || '|+' == substr ( $x , 0 , 2 ) ) { # Caption
# $x is a table row
if ( $fc != '+' )
{
$tra = array_pop ( $ltr ) ;
- if ( !array_pop ( $tr ) ) $z = '<tr '.$tra.">\n" ;
+ if ( !array_pop ( $tr ) ) $z = '<tr'.$tra.">\n" ;
array_push ( $tr , true ) ;
array_push ( $ltr , '' ) ;
}
}
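Review bot: `'<tr'.$tra.">\n"` now puts nothing between the tag name and the stored attribute string, as do `'<table' . Sanitizer::fixTagAttributes ( $matches[2], 'table' )` above and the cell tag further down. This is well-formed only if `Sanitizer::fixTagAttributes()` returns either an empty string or a string that begins with a space, and that contract is not visible on this page. A comment at the first use, such as `# fixTagAttributes() returns '' or a space-prefixed attribute string`, would stop a later edit from re-adding or dropping the separator and producing malformed tags.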
if ( count ( $y ) == 1 )
$y = "{$z}<{$l}>{$y[0]}" ;
- else $y = $y = "{$z}<{$l} ".$this->fixTagAttributes($y[0]).">{$y[1]}" ;
+ else $y = $y = "{$z}<{$l}".Sanitizer::fixTagAttributes($y[0], $l).">{$y[1]}" ;
$t[$k] .= $y ;
array_push ( $td , true ) ;
}
}
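Review bot: The rewritten line keeps the duplicated assignment `$y = $y = ...`, which is harmless but reads like a typo. `else $y = "{$z}<{$l}".Sanitizer::fixTagAttributes($y[0], $l).">{$y[1]}" ;` does the same thing. The second argument `$l` is set outside the hunk; it presumably selects the per-element attribute whitelist, so it is worth confirming that it can only ever be one of the fixed cell element names.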
$t = implode ( "\n" , $t ) ;
- # $t = $this->removeHTMLtags( $t );
+ # $t = Sanitizer::removeHTMLtags( $t );
wfProfileOut( $fname );
return $t ;
}
$fname = 'Parser::internalParse';
wfProfileIn( $fname );
- $text = $this->removeHTMLtags( $text );
+ $text = Sanitizer::removeHTMLtags( $text );
$text = $this->replaceVariables( $text, $args );
$text = preg_replace( '/(^|\n)-----*/', '\\1<hr />', $text );
* @access private
*/
function &doMagicLinks( &$text ) {
- global $wgUseGeoMode;
$text = $this->magicISBN( $text );
- if ( isset( $wgUseGeoMode ) && $wgUseGeoMode ) {
- $text = $this->magicGEO( $text );
- }
$text = $this->magicRFC( $text, 'RFC ', 'rfcurl' );
$text = $this->magicRFC( $text, 'PMID ', 'pubmedurl' );
return $text;
$useLinkPrefixExtension = $wgContLang->linkPrefixExtension();
- $nottalk = !Namespace::isTalk( $this->mTitle->getNamespace() );
+ if( is_null( $this->mTitle ) ) {
+ wfDebugDieBacktrace( 'nooo' );
+ }
+ $nottalk = !$this->mTitle->isTalkPage();
if ( $useLinkPrefixExtension ) {
if ( preg_match( $e2, $s, $m ) ) {
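Review bot: `wfDebugDieBacktrace( 'nooo' )` aborts the request with a message that says nothing about what went wrong. A descriptive string such as `wfDebugDieBacktrace( 'Parser: $this->mTitle is null' );` makes the failure searchable in logs. If the backtrace is shown to the requester rather than only logged, it would also reveal file paths and call structure, so it is worth confirming where that output goes. The enclosing function starts and ends outside the hunk.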
# Did we encounter this template already? If yes, it is in the cache
# and we need to check for loops.
if ( !$found && isset( $this->mTemplates[$part1] ) ) {
- # set $text to cached message.
- $text = $linestart . $this->mTemplates[$part1];
$found = true;
# Infinite loop test
if ( isset( $this->mTemplatePath[$part1] ) ) {
$noparse = true;
$found = true;
- $text .= '<!-- WARNING: template loop detected -->';
+ $text = $linestart .
+ "\{\{$part1}}" .
+ '<!-- WARNING: template loop detected -->';
+ wfDebug( "$fname: template loop broken at '$part1'\n" );
+ } else {
+ # set $text to cached message.
+ $text = $linestart . $this->mTemplates[$part1];
}
}
# Load from database
$itcamefromthedatabase = false;
+ $lastPathLevel = $this->mTemplatePath;
if ( !$found ) {
$ns = NS_TEMPLATE;
$part1 = $this->maybeDoSubpageLink( $part1, $subpage='' );
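Review bot: In the double-quoted string `"\{\{$part1}}"`, `\{` is not an escape sequence, so current PHP prints the backslashes and the loop marker comes out as `\{\{name}}`; older releases treated `\{` differently, which makes the result version-dependent. Plain concatenation avoids the ambiguity: `'{{' . $part1 . '}}' .`. `$part1` appears to be the template name taken from the wikitext, and `$noparse` is set on this path, so confirm outside this hunk that the text is still escaped before it reaches the HTML output. The same value also goes unfiltered into the `wfDebug` line.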
$this->mTemplatePath[$part1] = 1;
$text = $this->strip( $text, $this->mStripState );
- $text = $this->removeHTMLtags( $text );
+ $text = Sanitizer::removeHTMLtags( $text );
$text = $this->replaceVariables( $text, $assocArgs );
# Resume the link cache and register the inclusion as a link
$text = "\n" . $text;
}
}
-
- # Empties the template path
- $this->mTemplatePath = array();
+ # Prune lower levels off the recursion check path
+ $this->mTemplatePath = $lastPathLevel;
+
if ( !$found ) {
wfProfileOut( $fname );
return $matches[0];
}
}
}
-
- # Empties the template path
- $this->mTemplatePath = array();
+ # Prune lower levels off the recursion check path
+ $this->mTemplatePath = $lastPathLevel;
if ( !$found ) {
wfProfileOut( $fname );
}
}
-
- /**
- * Cleans up HTML, removes dangerous tags and attributes, and
- * removes HTML comments
- * @access private
- */
- function removeHTMLtags( $text ) {
- global $wgUseTidy, $wgUserHtml;
- $fname = 'Parser::removeHTMLtags';
- wfProfileIn( $fname );
-
- if( $wgUserHtml ) {
- $htmlpairs = array( # Tags that must be closed
- 'b', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
- 'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
- 'strike', 'strong', 'tt', 'var', 'div', 'center',
- 'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre',
- 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span'
- );
- $htmlsingle = array(
- 'br', 'hr', 'li', 'dt', 'dd'
- );
- $htmlnest = array( # Tags that can be nested--??
- 'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
- 'dl', 'font', 'big', 'small', 'sub', 'sup', 'span'
- );
- $tabletags = array( # Can only appear inside table
- 'td', 'th', 'tr'
- );
- } else {
- $htmlpairs = array();
- $htmlsingle = array();
- $htmlnest = array();
- $tabletags = array();
- }
-
- $htmlsingle = array_merge( $tabletags, $htmlsingle );
- $htmlelements = array_merge( $htmlsingle, $htmlpairs );
-
- $htmlattrs = $this->getHTMLattrs () ;
-
- # Remove HTML comments
- $text = $this->removeHTMLcomments( $text );
-
- $bits = explode( '<', $text );
- $text = array_shift( $bits );
- if(!$wgUseTidy) {
- $tagstack = array(); $tablestack = array();
- foreach ( $bits as $x ) {
- $prev = error_reporting( E_ALL & ~( E_NOTICE | E_WARNING ) );
- preg_match( '/^(\\/?)(\\w+)([^>]*)(\\/{0,1}>)([^<]*)$/',
- $x, $regs );
- list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
- error_reporting( $prev );
-
- $badtag = 0 ;
- if ( in_array( $t = strtolower( $t ), $htmlelements ) ) {
- # Check our stack
- if ( $slash ) {
- # Closing a tag...
- if ( ! in_array( $t, $htmlsingle ) &&
- ( $ot = @array_pop( $tagstack ) ) != $t ) {
- @array_push( $tagstack, $ot );
- $badtag = 1;
- } else {
- if ( $t == 'table' ) {
- $tagstack = array_pop( $tablestack );
- }
- $newparams = '';
- }
- } else {
- # Keep track for later
- if ( in_array( $t, $tabletags ) &&
- ! in_array( 'table', $tagstack ) ) {
- $badtag = 1;
- } else if ( in_array( $t, $tagstack ) &&
- ! in_array ( $t , $htmlnest ) ) {
- $badtag = 1 ;
- } else if ( ! in_array( $t, $htmlsingle ) ) {
- if ( $t == 'table' ) {
- array_push( $tablestack, $tagstack );
- $tagstack = array();
- }
- array_push( $tagstack, $t );
- }
- # Strip non-approved attributes from the tag
- $newparams = $this->fixTagAttributes($params);
-
- }
- if ( ! $badtag ) {
- $rest = str_replace( '>', '>', $rest );
- $text .= "<$slash$t $newparams$brace$rest";
- continue;
- }
- }
- $text .= '<' . str_replace( '>', '>', $x);
- }
- # Close off any remaining tags
- while ( is_array( $tagstack ) && ($t = array_pop( $tagstack )) ) {
- $text .= "</$t>\n";
- if ( $t == 'table' ) { $tagstack = array_pop( $tablestack ); }
- }
- } else {
- # this might be possible using tidy itself
- foreach ( $bits as $x ) {
- preg_match( '/^(\\/?)(\\w+)([^>]*)(\\/{0,1}>)([^<]*)$/',
- $x, $regs );
- @list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
- if ( in_array( $t = strtolower( $t ), $htmlelements ) ) {
- $newparams = $this->fixTagAttributes($params);
- $rest = str_replace( '>', '>', $rest );
- $text .= "<$slash$t $newparams$brace$rest";
- } else {
- $text .= '<' . str_replace( '>', '>', $x);
- }
- }
- }
- wfProfileOut( $fname );
- return $text;
- }
-
- /**
- * Remove '<!--', '-->', and everything between.
- * To avoid leaving blank lines, when a comment is both preceded
- * and followed by a newline (ignoring spaces), trim leading and
- * trailing spaces and one of the newlines.
- *
- * @access private
- */
- function removeHTMLcomments( $text ) {
- $fname='Parser::removeHTMLcomments';
- wfProfileIn( $fname );
- while (($start = strpos($text, '<!--')) !== false) {
- $end = strpos($text, '-->', $start + 4);
- if ($end === false) {
- # Unterminated comment; bail out
- break;
- }
-
- $end += 3;
-
- # Trim space and newline if the comment is both
- # preceded and followed by a newline
- $spaceStart = max($start - 1, 0);
- $spaceLen = $end - $spaceStart;
- while (substr($text, $spaceStart, 1) === ' ' && $spaceStart > 0) {
- $spaceStart--;
- $spaceLen++;
- }
- while (substr($text, $spaceStart + $spaceLen, 1) === ' ')
- $spaceLen++;
- if (substr($text, $spaceStart, 1) === "\n" and substr($text, $spaceStart + $spaceLen, 1) === "\n") {
- # Remove the comment, leading and trailing
- # spaces, and leave only one newline.
- $text = substr_replace($text, "\n", $spaceStart, $spaceLen + 1);
- }
- else {
- # Remove just the comment.
- $text = substr_replace($text, '', $start, $end - $start);
- }
- }
- wfProfileOut( $fname );
- return $text;
- }
-
/**
* This function accomplishes several tasks:
* 1) Auto-number headings if that option is enabled
return $text;
}
- /**
- * Return an HTML link for the "GEO ..." text
- * @access private
- */
- function magicGEO( $text ) {
- global $wgLang, $wgUseGeoMode;
- $fname = 'Parser::magicGEO';
- wfProfileIn( $fname );
-
- # These next five lines are only for the ~35000 U.S. Census Rambot pages...
- $directions = array ( 'N' => 'North' , 'S' => 'South' , 'E' => 'East' , 'W' => 'West' ) ;
- $text = preg_replace ( "/(\d+)°(\d+)'(\d+)\" {$directions['N']}, (\d+)°(\d+)'(\d+)\" {$directions['W']}/" , "(GEO +\$1.\$2.\$3:-\$4.\$5.\$6)" , $text ) ;
- $text = preg_replace ( "/(\d+)°(\d+)'(\d+)\" {$directions['N']}, (\d+)°(\d+)'(\d+)\" {$directions['E']}/" , "(GEO +\$1.\$2.\$3:+\$4.\$5.\$6)" , $text ) ;
- $text = preg_replace ( "/(\d+)°(\d+)'(\d+)\" {$directions['S']}, (\d+)°(\d+)'(\d+)\" {$directions['W']}/" , "(GEO +\$1.\$2.\$3:-\$4.\$5.\$6)" , $text ) ;
- $text = preg_replace ( "/(\d+)°(\d+)'(\d+)\" {$directions['S']}, (\d+)°(\d+)'(\d+)\" {$directions['E']}/" , "(GEO +\$1.\$2.\$3:+\$4.\$5.\$6)" , $text ) ;
-
- $a = split( 'GEO ', ' '.$text );
- if ( count ( $a ) < 2 ) {
- wfProfileOut( $fname );
- return $text;
- }
- $text = substr( array_shift( $a ), 1);
- $valid = '0123456789.+-:';
-
- foreach ( $a as $x ) {
- $geo = $blank = '' ;
- while ( ' ' == $x{0} ) {
- $blank .= ' ';
- $x = substr( $x, 1 );
- }
- while ( strstr( $valid, $x{0} ) != false ) {
- $geo .= $x{0};
- $x = substr( $x, 1 );
- }
- $num = str_replace( '+', '', $geo );
- $num = str_replace( ' ', '', $num );
-
- if ( '' == $num || count ( explode ( ':' , $num , 3 ) ) < 2 ) {
- $text .= "GEO $blank$x";
- } else {
- $titleObj = Title::makeTitle( NS_SPECIAL, 'Geo' );
- $text .= '<a href="' .
- $titleObj->escapeLocalUrl( 'coordinates='.$num ) .
- "\" class=\"internal\">GEO $geo</a>";
- $text .= $x;
- }
- }
- wfProfileOut( $fname );
- return $text;
- }
-
/**
* Return an HTML link for the "RFC 1234" text
* @access private
# Not in the link cache, add it to the query
if ( !isset( $current ) ) {
$current = $val;
- $tables = $page;
- $join = '';
$query = "SELECT page_id, page_namespace, page_title";
if ( $threshold > 0 ) {
- $textTable = $dbr->tableName( 'text' );
- $query .= ', LENGTH(old_text) AS page_len, page_is_redirect';
- $tables .= ", $textTable";
- $join = 'page_latest=old_id AND';
+ $query .= ', page_len, page_is_redirect';
}
- $query .= " FROM $tables WHERE $join (page_namespace=$val AND page_title IN(";
+ $query .= " FROM $page WHERE (page_namespace=$val AND page_title IN(";
} elseif ( $current != $val ) {
$current = $val;
$query .= ")) OR (page_namespace=$val AND page_title IN(";
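Review bot: The rewritten `FROM` line still builds the statement by interpolating `$page` and `$val` straight into the SQL text, as does the `OR (page_namespace=$val ...` continuation below it. Where `$val` comes from is outside the hunk; if it is not guaranteed to be an integer namespace id, cast it at the point of use, e.g. `$ns = intval( $val );`, and interpolate `$ns` instead. The titles appended to the `IN(` list are also added outside this hunk, so check that each one passes through the database layer's quoting before concatenation.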
if ( $threshold > 0 ) {
$size = $s->page_len;
- if ( $s->page_is_redirect || $s->page_namespace != 0 || $length < $threshold ) {
+ if ( $s->page_is_redirect || $s->page_namespace != 0 || $size >= $threshold ) {
$colours[$pdbk] = 1;
} else {
$colours[$pdbk] = 2;